Commit Graph

39 Commits

Author SHA1 Message Date
Luca Fontana 9270ab0a38 More support for busybox devices
- Replaced "head -1" with "head -n 1"
- Fixed Stat format error in busybox
- Fixed find -printf error in busybox
- SafeInput accept only alphanumeric values, underscore and hyphens
2024-11-04 19:04:37 +02:00
Michael Boelen 410206619a
Removed restriction for using the plugin and code style improvements 2020-03-23 11:30:10 +01:00
Michael Boelen 98fb272501
Merge pull request #865 from topimiettinen/journald-fix-disk-usage
Fix journalctl output parsing for recent journalctls
2020-03-23 11:18:45 +01:00
Michael Boelen 695eef64ad
Updated version 2020-03-21 14:09:11 +01:00
Michael Boelen fad7c2a8fa
Merge pull request #864 from topimiettinen/pam-selinux-known
pam: pam_selinux is known good module
2020-03-21 14:07:06 +01:00
Michael Boelen 4e0357d728
Merge pull request #863 from topimiettinen/pam-ignore-dash
pam: ignore leading dash
2020-03-21 13:56:10 +01:00
Brian Ginsbach 32d1155953 Fix uses of non-standard find not operator
Use ! rather than the non-standard -not find(1) operator.
2020-03-20 14:37:56 -05:00
Topi Miettinen 6de9c31cf5
Fix journalctl output parsing for recent journalctls
Process output from journalctl (v245) like: "Archived and active
journals take up xxx.xM in the file system."

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-19 21:25:50 +02:00
Topi Miettinen 34ec6a1edf pam: pam_selinux is known good module
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-19 21:17:52 +02:00
Topi Miettinen 9087de0dac
pam: ignore leading dash
PAM rules may have a leading '-' character to indicate that if the
module is missing, the error will be ignored, so let's ignore it in
the check.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-03-19 20:55:23 +02:00
Michael Boelen 09f29a5e64
Code style improvement: quote argument 2019-12-18 12:17:46 +01:00
Michael Boelen b2c73547dd
Initialize variables and filter out pam-old files 2019-12-06 15:55:29 +01:00
Justin McAfee de75687e0a Change wait_for_keypress to WaitForKeyPress, Ln 83 (#534) 2018-03-16 17:24:29 +01:00
mslifcak c170f1fc0a Pin db sync (#519)
* fix testname in one Register and four comments

* remove db dup MAIL-8816; add db AUTH-9489 BOOT-5261 CORE-1000 FILE-6363 FILE-6439 KRNL-5831 MAIL-8817 SINT-7010 USB-3000

* fix description PLGN-3856
2018-02-09 12:37:10 +01:00
Michael Niewöhner 7ae81514b4 Fix 2FA report (#497) 2017-12-14 08:54:28 +01:00
Brian Ginsbach 8e97fc5625 Various PAM cleanups for FreeBSD, NetBSD, and macOS. (#454)
* Use PAM_DIRECTORY variable where appropriate

* Skip checking FreeBSD/NetBSD pam.d/README as a PAM file

FreeBSD and NetBSD install a README file in /etc/pam.d.  Attempting
to check this file as a PAM file just generates a lot of garbage
exceptions in the log.

* Handle 'include' as a PAM control-flag

OpenPAM and some versions of Linux PAM can have a configuration
where the control-flag is 'include'.  Skip further processing as
these files will be processed separately.

* Add missing commonly seen specific PAMs

Add some missing commonly seen specific PAMs from FreeBSD, NetBSD,
and OS X/macOS. The OS X/macOS PAMs were taken from a 10.5 (Leopard)
and 10.10 (Yosemite) system respectively.

Both FreeBSD and NetBSD come with a pam_ssh PAM.  Add a warning
when found confitured as it presents a potential security risk (see
pam_ssh(8) on FreeBSD/NetBSD).
2017-09-04 15:32:57 +02:00
Michael Boelen 4ecb9d4d05
[bulk change] cleaning up, code enhancements, initialization of variables, and new tests 2017-04-30 17:59:35 +02:00
hlein e054e9757c Lots of cleanups (#366)
* Description fix: SafePerms works on files not dirs.

All uses of SafePerms are on files (and indeed, it would reject
directories which would have +x set).

* Lots of whitespace cleanups.

Enforce everywhere(?) the same indentations for if/fi blocks.
The standard for the Lynis codebase is 4 spaces.  But sometimes
it's 1, sometimes 3, sometimes 8.

These patches standardize all(?) if blocks but _not_ else's (which
are usually indented 2, but sometimes zero); I was too lazy to
identify those (see below).

This diff is giant, but should not change code behavior at all;
diff -w shows no changes apart from whitespace.

FWIW I identified instances to check by using:

  perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces="";  } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1)

Which produced output like:

  ./extras/build-lynis.sh:217:            if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then
  ./extras/build-lynis.sh:218:               echo "[X] Version in specfile is outdated"

  ./plugins/plugin_pam_phase1:69:        if [ -d ${PAM_DIRECTORY} ]; then
  ./plugins/plugin_pam_phase1:70:                LogText "Result: /etc/pam.d exists"

...There's probably formal shellscript-beautification tools that
I'm oblivious about.

* More whitespace standardization.

* Fix a syntax error.

This looks like an if [ foo -o bar ]; was converted to if .. elif,
but incompletely.

* Add whitespace before closing ].

Without it, the shell thinks the ] is part of the last string, and
emits warnings like:

  .../lynis/include/tests_authentication: line 1028: [: missing `]'
2017-03-07 19:23:08 +00:00
hlein b595cc0fb5 Various cleanups (#363)
* Typo fix.

* Style change: always use $(), never ``.

The Lynis code already mostly used $(), but backticks were sprinkled
around.  Converted all of them.

* Lots of minor spelling/typo fixes.

FWIW these were found with:

  find . -type f -print0 | xargs -0 cat | aspell list | sort -u | egrep '^[a-z]+$' | less

And then reviewing the list to pick out things that looked like
misspelled words as opposed to variables, etc., and then manual
inspection of context to determine the intention.
2017-03-06 07:41:21 +00:00
Michael Boelen 2c56651698 Added PLGN-0008 to parse /etc/security/pwquality.conf 2017-03-01 16:28:05 +01:00
Michael Boelen d080f8f6b7 Initialize variable 2017-03-01 16:07:45 +01:00
Michael Boelen dfce1a770a Removed local variable assignment to prevent portability issues 2016-05-09 14:20:16 +02:00
mboelen 4913caadbc Replaced old functions and do less logging to increase speed 2016-04-28 12:59:13 +02:00
mboelen c1bee3b39d Import of systemd plugin as community plugin 2016-04-28 12:33:59 +02:00
mboelen 021fd8a98c Reduce debugging for PAM plugin 2016-04-25 15:49:21 +02:00
mboelen a3084da623 Improved templates and examples 2016-03-24 10:34:16 +01:00
mboelen 2b7e9a9dc2 Log unknown line types 2016-03-03 12:20:02 +01:00
mboelen 7afc82a8aa Set enable status of pwhistory module at beginning of test 2015-10-23 15:53:22 +02:00
mboelen e2b8b9b18a Enabled status of pwhistory module if remember option is used 2015-10-23 14:37:48 +02:00
mboelen d058ba8bfc Added password history tests to PAM plugin 2015-10-22 15:55:14 +02:00
mboelen 2f9b793b78 Added logging of maximum password retries 2015-10-21 23:26:41 +02:00
mboelen 8cddc58c85 Added logging of maximum password retries 2015-10-21 23:11:03 +02:00
mboelen 4cbeb31078 Changes to improve password strength testing 2015-10-21 22:58:52 +02:00
mboelen 7d76efbb78 Improved parsing of PAM files, related logging, password settings 2015-10-21 21:44:58 +02:00
mboelen 8c5f67f624 Added debugging and several fixes 2015-10-15 20:10:21 +02:00
mboelen 361e70fa13 Changed path and added debugging to log file 2015-10-15 19:54:58 +02:00
mboelen 0e3dac5758 Adding new plugin for parsing PAM configurations 2015-10-08 22:36:20 +02:00
mboelen 446885d4fd Added note about community plugins and support address 2015-02-25 20:38:20 +01:00
mboelen c0ae2e217b Initial import 2014-08-26 17:33:55 +02:00